Minor Chrome release fixes serious bugs

Google has updated the Chrome browser to version 43.0.2357.130 for Windows, Mac, and Linux.

The Chrome update fixes at least two high-severity bugs, as can be seen in the partial list released on the Chrome blog, but other details remain scarce, because, as Google makes clear in its blog post:

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

One anonymous researcher received a bounty of $5,000 / €4,440 for reporting a serious scheme validation error in WebUI, now fixed and detailed as CVE-2015-1266.

According to a report on Softpedia, one other known fix targets a high-profile issue unveiled by Polish researcher Mariusz Mlynski at this year’s Pwn2Own hacking competition. Mlynski demonstrated an attack that exploited a cross-origin vulnerability in Mozilla Firefox to achieve privilege escalation within the browser in less than a second. The Chrome bug is now known as CVE-2015-1268, and consists of a cross-origin bypass in the browser’s Blink engine.

Event sponsor HP described the Pwn2Own unveil as ‘knocking it out of the park’ in a blog post, saying Mlynski: “Stepped up to Mozilla Firefox and knocked it out of the park through a cross-origin vulnerability followed by privilege escalation within the browser – all within .542 seconds. This allowed him to execute a logical flaw to escalate to SYSTEM in Windows and take home $30,000 USD for the Firefox bug and an additional $25,000 bonus for the privilege escalation.”

Google recently announced it would pay out research grants to security researchers seeking out potential bugs, even if they turn up empty-handed, as We Live Security reported back in February. A new ‘experimental’ tier has been added to Google’s Security Reward Program, with grants of up to $3,133.70 available for security researchers who apply to investigate specific Google services.